Firstly owning up and making changes: "I'm the Ubuntu installer maintainer, so obviously this bug is ultimately my fault. I'm sorry for that - it's clear it shouldn't have sneaked past QA. (We'll be updating our testing processes to be rather more careful about this sort of thing.)" - Colin Watson
Second quote: "We've never updated the ISO images for any released Ubuntu distributions. We don't intend to, either, unless some terrifying and unforeseen showstopper arises." -CJW
Terrifying showstopper?? You mean like this one?! This could affect their reputation for years. I'd destroy all CDs affected. It's one thing to screw up. It something different to knowingly mail that CD to another unsuspecting user.
I tend to agree. It is sad to see that it was written in the first place, but worse is that QA didn't find it, which calls into question their process. No free pass on this one.
On the other hand, I was planning to install it on a non-server/single-user system this week, and this installer bug won't change my mind. I do hope to see assurance from Ubuntu that they will make some changes based on this event. I also want to see if Shuttleworth takes that release delay and puts it to better use than just polishing the GUI.
However, the catch is that ALL ADS, bar none, must have this logo.
Fortunately, the "Dell recommends Windows® XP Professional" whoring is absent from the Linux Workstation page.
I don't see this as an actual barrier to promoting their Linux offerings. It may look odd, but if it sways anyone, they're just as likely to sell a Windows system instead. The question still remains: Do they think they won't sell a lot of these things, or do they not want to sell a lot of them for some reason?
I was thinking the same thing, because otherwise this is not news. Sadly - and all to frequently around here lately - it looks like the later. Files are not automatically shared out the USB port anymore than they are automatically shared out the ethernet port. The program has to be run from the Windows machine, which presumably will be locked to you. The CNET artical claims you don't need keyboard access, but the consultant's website makes no such claim, frequently comparing the iPod and usb drives interchangebly.
This maverick security guru wrote a program to browse the hard drive and copy files, after you have full access - in other words, after the hard part is conveniently taken care of for you. Lucky for us he crippled the version available for download, otherwise hackers would figure out how to copy files automatically too!
I'd skip the iPod and go with one of these usb sticks. (The 1GB version is the same size.) The guards would have to dig through my wallet thoroughly to find it. With current technology it's ridiculous to think you can't hide or disguise storage devices. You need to lock down and monitor all machines with sensitive data.
Needless to say, I'm unimpressed by this security guy, as I usually am by the ones who try to raise the alarm without an actual new exploit.
The American Red Cross was given protected use of the red cross symbol in a federal charter in 1900. It was already in popular use at that time, but so be it. Therefore it isn't likely to be the trademark law that you'll have to deal with.
The charter granted full legal standing to the organization and protected its right to use the red cross emblem while setting fines and punishment for misuse of the emblem and for false representation of the organization.
This is incorrect. Atheros, like everybody else, performs the 802.11 mac layer in hardware. You couldn't meet the timing requirements for proper operation with a normal laptop CPU. This new device is truly different, but it's generations of technology away from making it into any consumer device. 802.11 vendors already offer highly integrated, low-power, SOC solutions. The software radio is too far behind the curve to offer a comparable, let alone superior solution that would justify the additional software development costs and increased memory requirements.
I don't see a scenario in which this makes it into a cell phone. Where's the value in using five different wireless protocols? I'll be more than happy with a cellular/wlan VOIP phone, and for network roaming it has to be able to do both at the same time. We're so close to achieving this with wi-fi that the general purpose radio will have to fill a different need.
I almost forgot to mention that 11n will be out this year, and the general purpose radio will not be doing MIMO either. It's simply wrong to suggest that this is the way wi-fi will be implemented.
The cards have no firmware, the driver is entirely software, but the binary hal is not directly tied to the kernel, so it's independent of your kernel version.
How can you pass up so much 11g equipment that's free after rebate? I can see not needing 11n, but 11b-only is limiting you, by your own admission. Not upgrading now is either apathy or obstinance.
11n Draft compliant products will be out in less than six months. Obviously Vista won't beat that. Also, the pre-n stuff has been out less than a year. 11n avoided a stalemate of the magnitude that UWB had by end-running the IEEE process. There were so many claims that finalizing the draft outside the IEEE would delay the process, but it turns out the opposite was true. The moral? If you don't have the votes - and can't buy 'em - then take your partners and forge ahead. You might come back to the IEEE under better terms - or not - but waiting is death. Let's see how far UWB goes now.
Oh please, when is the last time someone lied to you in order to sell you something? I saw a Belkin display at MacWorld, and I asked the salesperson if their pre-n router would be upgradable to fully 802.11n compliant - just to see if they would be honest about it. Of course they weren't. Somehow I doubt the extra sales will shoot them in the foot.
You're right on the mark. If the laptop had DHCP or a fixed IP address, he'd be in the same boat. A sniffer will see DHCP discovery packets or ARP requests, and the attacker will configure his machine accordingly. So the exposure of link local is irrelevant here, and by his own admission, well documented. It sounds like this tech writer is new to networking - wireless or otherwise.
The only thing I would add is that when windows connects to the unsecured network automatically, "without asking you", that's because it did ask you when you first created the unsecured network on the wireless card, and the victim here must've said connect anyway. Bad decision.
DHCP does not make the problem more difficult. A windows client doesn't need an IP address to create an Ad Hoc network, and any associated computer can just run a DHCP server.
Anyway, as someone else mentioned, this isn't a security flaw. Since XP SP1 the user is warned when they create an unsecured wireless profile - for a reason.
We are sorry, but the entry you have selected is not currently available as part of the OED Online free access service. The full Dictionary will be searchable again for 48 hours after the next programme in the BBC series Balderdash and Piffle. Please see http://www.oed.com/bbcwords/about.html for details.
In the meantime, you may continue searching for words beginning with the letters featured in the programmes to date.
Alternatively, the full Oxford English Dictionary may be available via your public library, including an option for remote access at home. Please ask your local librarian for details.
Seems to me that both LMDS and MMDS were the subject of FCC auctions and that you can run a site unless you own the licence. and their are only one or two licences per goegraphic "cell" just like cellular licences, can anyone confirm this?
Did anyone click on the 96305851.6? It looks like IBM was trying to get a patent in Europe for:
Title of invention: Method and system in a data processing system windowing environment for displaying previously obscured information
I've been a Database programmer for many years, and I can tell you, the above description can mean about anything. Does anyone remember when OpenMarket patented the web shopping cart? This shows how moot the patent process has become reguarding software. If you missed it, i recommend reading the Herring article: "I'm gonna sue your ass" it really points out the folley of patenting software. My humble opinion is that all the patents do is make it hard for anyone to compete unless they have a million dollar patenting department full of IP (Intelectual Property) lawyers. Patents are a hold over from "Ivory Tower/cathedral" programming, discourage colaboration. The exact opposite of the Open Source ideals. I hope the EU gets the point. Even if the US still hasn't...
Everybody wants into the streaming media business, Apple is no exception, neither is Microsoft. Does anybody remember a couple a months ago when the CEO of RealMedia was screaming bloody murder because MS signed a bunch of agreements with them, and then *bundled* it's own player into IE50? That tells you how serious the big players are about this market. Both MS and RealMedia want to give away the players for free, and then make bank selling the servers. So it looks like Apple wants to do the opposite: free servers and charge for quicktime, interesting. I disagree on RTP/RTSP they're workable protocols, certainly better then ATMesque "QoS" (Don't get me started) but it's just that as soon as the big money ID'd this as an important market, all of their "hired-gun" programmers (read:lobbyists) started showing up for all the standards meetings, and screwed everything up. Exact same thing happened to VRML back in the day. The ironic part is that none of the fancy reservation protocols can take the place of just plain old tactic of builing "headspace" into the network.(but i digress...) The point is that Apple's move is going to throw a wrench in MS's hopes of owning this market. It's going to be hard for anyone to charge for a server, when there is a "Name-Brand" server available for free. Meanwhile, I'm streaming MP3's, onto my system, as I type, and they sound great. Even without anyone's big fancy server or reservation protocol.
Of course, their chances are still way out there, but I'm starting to think that Caldera is actually going to get a settlement. I hope that they do, they deserve every penny that they get. I think that it's funny that the Microsoft Lawyers would even question that FACT that MS products have a global effect. Does anyone understand what the thing that is going to happen in mid-august is?
Yea, I've noticed many large corporations are doing this same thing: releasing server stuff for Linux, (and getting the resulting media attention) but quietly omiting announcements about client app support. IBM is doing the same thing with it's DB2 stuff, you can get the server for free but all of their enterprise configuration tools are (and are going to stay) windows? It's not just that they don't think that there is interest in using Linux as a client/workstation, there has to be some internal motavation...
Slashdot Mirror
Well, 50-50 on the responses to this, I think.
Firstly owning up and making changes:
"I'm the Ubuntu installer maintainer, so obviously this bug is ultimately my fault. I'm sorry for that - it's clear it shouldn't have sneaked past QA. (We'll be updating our testing processes to be rather more careful about this sort of thing.)" - Colin Watson
Second quote:
"We've never updated the ISO images for any released Ubuntu distributions. We don't intend to, either, unless some terrifying and unforeseen showstopper arises." -CJW
Terrifying showstopper?? You mean like this one?! This could affect their reputation for years. I'd destroy all CDs affected. It's one thing to screw up. It something different to knowingly mail that CD to another unsuspecting user.
I tend to agree. It is sad to see that it was written in the first place, but worse is that QA didn't find it, which calls into question their process. No free pass on this one.
On the other hand, I was planning to install it on a non-server/single-user system this week, and this installer bug won't change my mind. I do hope to see assurance from Ubuntu that they will make some changes based on this event. I also want to see if Shuttleworth takes that release delay and puts it to better use than just polishing the GUI.
However, the catch is that ALL ADS, bar none, must have this logo.
Fortunately, the "Dell recommends Windows® XP Professional" whoring is absent from the Linux Workstation page.
I don't see this as an actual barrier to promoting their Linux offerings. It may look odd, but if it sways anyone, they're just as likely to sell a Windows system instead. The question still remains: Do they think they won't sell a lot of these things, or do they not want to sell a lot of them for some reason?
maybe the app runs on the iPod
I was thinking the same thing, because otherwise this is not news. Sadly - and all to frequently around here lately - it looks like the later. Files are not automatically shared out the USB port anymore than they are automatically shared out the ethernet port. The program has to be run from the Windows machine, which presumably will be locked to you. The CNET artical claims you don't need keyboard access, but the consultant's website makes no such claim, frequently comparing the iPod and usb drives interchangebly.
This maverick security guru wrote a program to browse the hard drive and copy files, after you have full access - in other words, after the hard part is conveniently taken care of for you. Lucky for us he crippled the version available for download, otherwise hackers would figure out how to copy files automatically too!
I'd skip the iPod and go with one of these usb sticks. (The 1GB version is the same size.) The guards would have to dig through my wallet thoroughly to find it. With current technology it's ridiculous to think you can't hide or disguise storage devices. You need to lock down and monitor all machines with sensitive data.
Needless to say, I'm unimpressed by this security guy, as I usually am by the ones who try to raise the alarm without an actual new exploit.
The American Red Cross was given protected use of the red cross symbol in a federal charter in 1900. It was already in popular use at that time, but so be it. Therefore it isn't likely to be the trademark law that you'll have to deal with.
http://www.redcross.org/museum/charters.html
The charter granted full legal standing to the organization and protected its right to use the red cross emblem while setting fines and punishment for misuse of the emblem and for false representation of the organization.
Otherwise, you guys would be right.
This is incorrect. Atheros, like everybody else, performs the 802.11 mac layer in hardware. You couldn't meet the timing requirements for proper operation with a normal laptop CPU. This new device is truly different, but it's generations of technology away from making it into any consumer device. 802.11 vendors already offer highly integrated, low-power, SOC solutions. The software radio is too far behind the curve to offer a comparable, let alone superior solution that would justify the additional software development costs and increased memory requirements.
I don't see a scenario in which this makes it into a cell phone. Where's the value in using five different wireless protocols? I'll be more than happy with a cellular/wlan VOIP phone, and for network roaming it has to be able to do both at the same time. We're so close to achieving this with wi-fi that the general purpose radio will have to fill a different need.
I almost forgot to mention that 11n will be out this year, and the general purpose radio will not be doing MIMO either. It's simply wrong to suggest that this is the way wi-fi will be implemented.
The cards have no firmware, the driver is entirely software, but the binary hal is not directly tied to the kernel, so it's independent of your kernel version.
How can you pass up so much 11g equipment that's free after rebate? I can see not needing 11n, but 11b-only is limiting you, by your own admission. Not upgrading now is either apathy or obstinance.
11n Draft compliant products will be out in less than six months. Obviously Vista won't beat that. Also, the pre-n stuff has been out less than a year. 11n avoided a stalemate of the magnitude that UWB had by end-running the IEEE process. There were so many claims that finalizing the draft outside the IEEE would delay the process, but it turns out the opposite was true. The moral? If you don't have the votes - and can't buy 'em - then take your partners and forge ahead. You might come back to the IEEE under better terms - or not - but waiting is death. Let's see how far UWB goes now.
Oh please, when is the last time someone lied to you in order to sell you something? I saw a Belkin display at MacWorld, and I asked the salesperson if their pre-n router would be upgradable to fully 802.11n compliant - just to see if they would be honest about it. Of course they weren't. Somehow I doubt the extra sales will shoot them in the foot.
You're right on the mark. If the laptop had DHCP or a fixed IP address, he'd be in the same boat. A sniffer will see DHCP discovery packets or ARP requests, and the attacker will configure his machine accordingly. So the exposure of link local is irrelevant here, and by his own admission, well documented. It sounds like this tech writer is new to networking - wireless or otherwise.
The only thing I would add is that when windows connects to the unsecured network automatically, "without asking you", that's because it did ask you when you first created the unsecured network on the wireless card, and the victim here must've said connect anyway. Bad decision.
DHCP does not make the problem more difficult. A windows client doesn't need an IP address to create an Ad Hoc network, and any associated computer can just run a DHCP server.
Anyway, as someone else mentioned, this isn't a security flaw. Since XP SP1 the user is warned when they create an unsecured wireless profile - for a reason.
Evil, pure and simple.
We are sorry, but the entry you have selected is not currently available as part of the OED Online free access service. The full Dictionary will be searchable again for 48 hours after the next programme in the BBC series Balderdash and Piffle. Please see http://www.oed.com/bbcwords/about.html for details.
In the meantime, you may continue searching for words beginning with the letters featured in the programmes to date.
If you would like to purchase a personal subscription to OED Online please go to http://www.oed.com/subscribe/individuals-rw.html. Prices start from as little as £8.80 for a week.
Alternatively, the full Oxford English Dictionary may be available via your public library, including an option for remote access at home. Please ask your local librarian for details.
Nice little bait and... advertise.
Seems to me that both LMDS and MMDS were the subject of FCC auctions and that you can run a site unless you own the licence. and their are only one or two licences per goegraphic "cell" just like cellular licences, can anyone confirm this?
Does anyone remember when OpenMarket patented the web shopping cart? This shows how moot the patent process has become reguarding software.
If you missed it, i recommend reading the Herring article: "I'm gonna sue your ass" it really points out the folley of patenting software. My humble opinion is that all the patents do is make it hard for anyone to compete unless they have a million dollar patenting department full of IP (Intelectual Property) lawyers. Patents are a hold over from "Ivory Tower/cathedral" programming, discourage colaboration. The exact opposite of the Open Source ideals. I hope the EU gets the point. Even if the US still hasn't...
Everybody wants into the streaming media business, Apple is no exception, neither is Microsoft. Does anybody remember a couple a months ago when the CEO of RealMedia was screaming bloody murder because MS signed a bunch of agreements with them, and then *bundled* it's own player into IE50?
That tells you how serious the big players are about this market. Both MS and RealMedia want to give away the players for free, and then make bank selling the servers. So it looks like Apple wants to do the opposite: free servers and charge for quicktime, interesting.
I disagree on RTP/RTSP they're workable protocols, certainly better then ATMesque "QoS" (Don't get me started) but it's just that as soon as the big money ID'd this as an important market, all of their "hired-gun" programmers (read:lobbyists) started showing up for all the standards meetings, and screwed everything up. Exact same thing happened to VRML back in the day. The ironic part is that none of the fancy reservation protocols can take the place of just plain old tactic of builing "headspace" into the network.(but i digress...)
The point is that Apple's move is going to throw a wrench in MS's hopes of owning this market. It's going to be hard for anyone to charge for a server, when there is a "Name-Brand" server available for free.
Meanwhile, I'm streaming MP3's, onto my system, as I type, and they sound great. Even without anyone's big fancy server or reservation protocol.
Of course, their chances are still way out there, but I'm starting to think that Caldera is actually going to get a settlement. I hope that they do, they deserve every penny that they get. I think that it's funny that the Microsoft Lawyers would even question that FACT that MS products have a global effect. Does anyone understand what the thing that is going to happen in mid-august is?
Yea, I've noticed many large corporations are doing this same thing: releasing server stuff for Linux, (and getting the resulting media attention) but quietly omiting announcements about client app support. IBM is doing the same thing with it's DB2 stuff, you can get the server for free but all of their enterprise configuration tools are (and are going to stay) windows? It's not just that they don't think that there is interest in using Linux as a client/workstation, there has to be some internal motavation...